Once You Use Bitcoin You Can’t Go ‘Back’ — And That’s Its Fatal Flaw

Photo: Ariel Zambelich / WIRED

Bitcoin is the world’s most popular digital currency — not just a form of money, but a way of moving money around — and the darling topic du jour of the tech industry right now. [WIRED has its primer on what bitcoin is and how it works here.]

As a security researcher, I admire bitcoin-the-protocol. But I believe bitcoin-the-currency contains a fatal flaw.

As a security researcher, I admire bitcoin-the-protocol. It’s an incredibly clever piece of cryptographic engineering, especially the proof-of-work as a way of maintaining an indelible history and a signature scheme which, when properly used, can limit the damage that might be done by an adversary with a quantum computer. But I believe bitcoin-the-currency contains a fatal flaw, one that ensures that bitcoin won’t ever achieve widespread adoption as a currency.

The flaw? That bitcoin transactions are irreversible. That is, they can never be undone: Once committed, there is no “oops”, no “takeback”, no “control-Z”. Combined with bitcoin’s independence — it is a separate currency with a floating exchange rate — this flaw is arguably lethal to money systems.

Once committed, there is no ‘oops’, ‘takeback’, or ‘control-Z’.

Bitcoin advocates will argue that both its irreversibility and independence are benefits. That they were explicit design decisions to defy control by governments or banks. But to me these features are flaws, because a tenet of modern finance asserts that anything electronic must be reversible. If bitcoin really is the internet applied to money … then it, too, should have a “back” button.

Without an undo/ back button, it’s only possible to prevent fraud. With an undo, it would also be possible to detect and mitigate fraud; to see that something bad happened and then actually do something about it. Credit cards, bank account transfers, and all other electronic transactions involving a bank all have an “undo” button.

Banks rely on the reversibility feature every day to stop fraudulent activities. Bitcoin robbery cases aren’t just rising because of interest in the currency — the most recent is a European bitcoin payment processor losing $1M after a DDoS attack — they’re rising because robbing a bank online involves much less friction than doing so in person.

Nicholas Weaver

Nicholas Weaver is a researcher at the International Computer Science Institute in Berkeley and U.C. San Diego (though this opinion is his own). He focuses on network security as well as network intrusion detection, defenses for DNS resolvers, and tools for detecting ISP-introduced manipulations of a user’s network connection. Weaver received his Ph.D. in Computer Science from U.C. Berkeley.

In the current financial system, the only major irreversible transactions involve withdrawing cash. This is a process that must happen in person and therefore naturally imposes substantial limits; in-person requirements provide attribution, keep an attacker from automating the process, and limit the “attack surface”. For example:

To steal a million dollars hidden under mattresses, a thief needs to break into thousands of homes.

To steal a million dollars from a typical business’s bank account, thieves need to transfer it to a network of roughly 100 money mules.

Each mule must then withdraw less than $10,000 from their account within a short period of time, take the cash to Western Union, and wire the money to the thieves. (This is why those running the mules can claim up to 40-50 percent of the take!)

To steal a million dollars worth of bitcoins stored by a business, however, a thief only needs the private key. Likewise, to steal $1000 worth of bitcoins each from 1000 people, the thief only needs to have his or her bot software running on enough victims with enough bitcoins to automate the process.

This means bitcoins should never be “stored” on aninternet-connected device. That includes our computers and our smartphones. (And have you heard the one about the guy who keeps his key on his finger?) Let’s pause for a moment to reflect on that: What sort of online currency requires using offline computers and objects for all storage?

Now, it is theoretically true that stolen coins could be blocked. If a portion of the network blocks stolen bitcoins today, then the same mechanism could block bitcoins that passed through black markets or offshore exchanges (such as BTC-e) that don’t implement anti-money-laundering protections. Yet the bitcoin community strongly resists the idea of blacklists, because it eliminates fungibility — the notion that all bitcoins are identical — which is essential for a currency. If every dollar used in a drug deal couldn’t be used again, would dollars work as currency? Especially if, sometime after acceptance, a dollar becomes void and blacklisted after the fact because of its previous involvement in a crime?

Bitcoins should never be stored on an internet-connected device. But what sort of online currency requires using offline computers for all storage?

Bitcoin advocates insist that the theft problem is solvable. For the sake of argument, let’s assume that some bitcoin-centric hardware company deploys completely secure and free hardware bitcoin wallets for anyone to use. And let’s also assume consumers are happy with such an unregulatable model and don’t care that merchants can now rip them off with near impunity. Immunity from theft is not enough. Irreversibility, combined with volatility, ensures that bitcoin still will never see wide adoption.

Bitcoin’s irreversibility means that a bitcoin exchange can neveraccept credit cards or wire transfers to quickly provide bitcoins in significant quantities. These agencies must carefully audit customers, wait on any large purchases, and assign blame when attackers breach accounts. Any exchange that does not follow such precautions would be a magnet for fraud, and cease to exist once they start receiving chargebacks.

As a consequence, the only ways to quickly buy bitcoins require cash — again, I’m talking about convenience here which surely should be a feature of internet applied to money. This convenience can happen via a cash drop at a drugstore; a cash deposit into the exchange’s bank account; a face-to-face meetup; or at an actual ATM, complete with cameras and withdrawal limits. (The world’s first bitcoin ATM just went live a month ago in Canada. Incidentally, it takes cash, not ATM cards.)

Blacklists eliminate fungibility, which is essential for a currency.

And almost every bitcoin purchase needs to start with such a consuming, hastle-prone step if the buyer is unwilling to risk the wild swings in value that bitcoin experiences on a day-to-day basis. Since bitcoin has no stable value, the recipient should immediately go the other way. After all, if bitcoin’s volatility is desired by the merchant, they can just buy bitcoins independently. Instead, any sensible merchant receiving them will immediately turn them back into Dollars, Euros, or whatever local currency they need at a cost of roughly 1 percent. Which means the buyer first had to go the other way, turning dollars into bitcoins. Otherwise, the system would be out of balance.

Thus to actually buy something with the “digital currency of the future” — without having to wait, have funds predeposited at an exchange, or risk that one’s bitcoins drop in value — the buyer has to go to the bank, withdraw cash, turn it into bitcoins, and then spend it quickly.

The only way to quickly buy bitcoins requires cash: a consuming, hastle-prone step.

The need to go in person and withdraw cash conservatively costs the buyer 2 percent, as gas stations can charge over 2 percent to accept credit cards (and yet, people regularly use credit over cash). For reference, compare this to Square, which charges 2.75 percent to process credit cards. So even if you can conveniently get bitcoins from your local ATM — though we’re nowhere near there yet — a bitcoin transaction will cost the buyer and seller a combined 3 percent or more.

Even the much-vaunted international transfer use case doesn’t make sense here: A bitcoin transaction may be cheaper than a SWIFT wire transfer, but the cash requirement means it is not necessarily cheaper than Western Union. (To Mexico, it’s $8 plus a currency exchange fee. Europe is far more expensive, but that’s due to a lack of competition rather than something intrinsic.) If Western Union charges nearly double the currency conversion fee of a bitcoin exchange, it still comes out approximately the same since a foreign bitcoin transaction involves two currency exchanges rather than one.

Even at a 10 billion dollar market cap — the peak achieved by Beanie Babies in 1999 — bitcoin is almost irrelevant in financial terms.

Bitcoin therefore only works for merchants who face substantial chargebacks but who can’t say “pay cash”, are selling to bitcoin believers willing to pay the premium price to use bitcoins, or want to conduct business that the credit card system blocks. Yet many of the transactions blocked by the credit card system — namely gambling, drugs, and crypto-extortion — are themselves illegal. In those cases, does it really make sense to use such an innately traceable currency with a permanent record? I think not. (You can bet that redandwhite, the “hitman” Dread Pirate Roberts allegedly hired, is going to be asking himself that question over the coming months.)

This is not to say that bitcoin won’t retain its price. After all, the greater-sucker theory of speculation can ensure a large price for a long period. As long as bitcoin believers can recruit enough new money to balance the newly mined-for-sale coins, the price may sustain itself indefinitely. And, in the greater scheme of things, bitcoin is small: even at a roughly 10 billion dollar market capitalization it is almost irrelevant in financial terms. This is probably roughly the peak market capitalization achieved by Beanie Babies in 1999.

There are indeed important and valuable ideas that exist in bitcoin’s design. But bitcoin itself? I believe its volatility and built-in irreversibility will doom it to the ash-heap of history.